
Stackoverflow error with EXTERNAL SASL auth to https listener

Could I get a bug opened for the stack overflow issue discussed in this pull request?

4.0.x branch - EXTERNAL auth with BOSH - avoid NPE when peer certificates array is null by hdeadman · Pull Request #638

The pull request was for 4.0 branch but one of the errors addressed by it is still happening in 4.1.1.

Here is the stack trace en route to the StackOverflowError.

    HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
    HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
    HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
    HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
    HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
    HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
    HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
    HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
    HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
    ExternalClientSaslServer.evaluateResponse(byte[]) line: 65
    SASLAuthentication.handle(LocalSession, Element) line: 324
    SessionPacketRouter.route(Element) line: 64
    HttpSession.sendPendingPackets() line: 639
    HttpSession$HttpPacketSender.run() line: 1271
    ThreadPoolExecutor.runWorker(ThreadPoolExecutor$Worker) line: 1142
    ThreadPoolExecutor$Worker.run() line: 617
    Thread.run() line: 745

The HttpSession$HttpVirtualConnection is doing:

    public ConnectionConfiguration getConfiguration() {
        return session.getConnection().getConfiguration();
    }

and session.getConnection() is returning a reference to itself so it gets stuck recursively calling itself. The other implementations of getConfiguration() are either returning null or generating global configuration for C2S or S2S. They typically have comments about how it's a hack but I think they are preferable to a StackOverflowError. Would a pull request that made getConfiguration() from HttpSession$HttpVirtualConnection look like the impl in ClientSessionConnection be acceptable?

For example, in ClientSessionConnection:

    public ConnectionConfiguration getConfiguration()
    {
        // Here, a client-to-server configuration is mocked. It is likely not used, as actual connection handling takes
        // place at the connection manager.
        final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
        return connectionManager.getListener( ConnectionType.SOCKET_C2S, true ).generateConnectionConfiguration();
    }

and SocketConnection:

    public ConnectionConfiguration getConfiguration()
    {
        // This is an ugly hack to get backwards compatibility with the pre-MINA era. As this implementation is being
        // removed (it is marked as deprecated - at the time of writing, it is only used for S2S). The ugly hack: assume
        // S2S:
        final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
        return connectionManager.getListener( ConnectionType.SOCKET_S2S, false ).generateConnectionConfiguration();
    }
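
The recursion described in this post, next to the kind of replacement it proposes, as an added example (not code from the post or from Openfire). Session, Connection, Config and both connection classes are hypothetical stand-ins, the "SOCKET_C2S" value is only a string label, and the record syntax assumes Java 16 or later.

```java
import java.util.function.Supplier;

// Hypothetical stand-in types: only the shape of the delegation matters here.
public class SelfDelegationDemo {
    record Config(String listenerType) {}

    interface Connection { Config getConfiguration(); }

    static class Session {
        private Connection connection;
        Connection getConnection() { return connection; }
        void setConnection(Connection c) { connection = c; }
    }

    // Shape of the reported bug: the session's connection is this same object,
    // so the call re-enters itself until the thread's stack is exhausted.
    static class RecursiveVirtualConnection implements Connection {
        private final Session session;
        RecursiveVirtualConnection(Session s) { session = s; }
        public Config getConfiguration() {
            return session.getConnection().getConfiguration();
        }
    }

    // Shape of the proposed change: obtain the configuration from a listener
    // lookup (modelled as a Supplier) instead of going back through the session.
    static class ListenerBackedVirtualConnection implements Connection {
        private final Supplier<Config> listener;
        ListenerBackedVirtualConnection(Supplier<Config> l) { listener = l; }
        public Config getConfiguration() { return listener.get(); }
    }

    // Reports the outcome; StackOverflowError is an Error, so a handler that
    // only catches Exception on the authentication path would not see it.
    static String describe(Connection c) {
        try {
            return "ok: " + c.getConfiguration().listenerType();
        } catch (StackOverflowError e) {
            return "StackOverflowError";
        }
    }

    public static void main(String[] args) {
        Session broken = new Session();
        broken.setConnection(new RecursiveVirtualConnection(broken));
        System.out.println(describe(broken.getConnection()));

        Session fixed = new Session();
        fixed.setConnection(new ListenerBackedVirtualConnection(() -> new Config("SOCKET_C2S")));
        System.out.println(describe(fixed.getConnection()));
    }
}
```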